Account Information & Cracking Account Passwords

Cracking Passwords
-----------------------------------------------
One of the key components in performing a security
assessment is the acquisition of user account information
and the cracking of the account passwords. There are many
methods and tools that can be used to crack passwords;
however, you must first retrieve the information to crack.
And once again, there are many ways of acquiring the account
information. This article will illustrate one method of
acquiring user account information using a combination of
social engineering and open source tools. We will then
briefly go over a particular cracking method and tool.

Handing Over the Keys to the Kingdom
-----------------------------------------------
On one particular occasion, we were instructed by a client
to do whatever it took, within legal means, to walk out of
their building with the network user account information. We
were introduced to one of the Sr. Engineering staff as a
consultant working on a new Anti-Virus solution. We asked
the Engineer to show us around the server room and he
happily did so. While we were talking, we asked him if he
would mind if we ran a specialized virus checker on one of
the Windows domain controllers and he readily provided us
with console access. The disk we were using was labeled to
look like it contained anti-virus tools. In reality, it
contained a modified version of a program called "pwdump".
The moment we ran the script, a bunch of information came up
that indicated that their system's memory was clear of any
known virus. What was really happening was all domain
account information and the corresponding password hashes
were being dumped to a file on the disk. We wrapped up our
tour and walked out of the building with everything we
needed.

Windows Password Cracking
-----------------------------
When we returned to our office, we imported all the user
account information into a distributed password cracking
system (multiple servers performing password cracking at the
same time). Within approximately 30 minutes we had cracked
70% of account passwords. The remaining accounts took
approximately two days.

An example of what this Windows account information looks
like is:

jdoe:1152:A5C67174B2A219D1

The jdoe account's password is represented by its hashed
equivalent "A5C67174B2A219D1". This string of numbers and
letters, when deciphered, is "CrackMe". You can test this
with the tool I am going to introduce you to in the next
section of this article. Without going into all the
technical details about how the cracking takes place, this
type of deciphering is basically done by hashing candidate
passwords, over time and many iterations, until one matches
the hashed password. When you take the word "CrackMe" and
hash it, it produces the string of numbers and letters
(A5C67174B2A219D1). So what you are really doing is matching
that string, then making the assumption that the
human-readable version is "CrackMe".

How To Generate Password Hashes
-------------------------------
First and foremost I must warn you that the tool I am going
to point you to is very powerful and could cause you
problems if you are not careful with it. You must agree to
hold me harmless if in fact you decide to download and use
this tool. This tool, called Cain & Abel, is the Swiss Army
knife of cracking and does a lot more than just that.

Once it is installed on your system, you can go to the
"Tools" menu and choose "Hash Calculator". In the "Text to
Hash" box type "CrackMe" without the quotes and hit
calculate. Look at the Type "LM" and you will see the hash
from above of "A5C67174B2A219D1".

This tool is a great password cracking program and we use it
quite regularly. And as I said, it does a lot more than just
cracking so be careful with it.
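
On the defensive side, an account dump in this format can be audited for accounts that still carry an LM hash. The script below is an added example, not part of the original article or of any tool it names. It assumes the full pwdump line layout user:RID:LM:NT::: (the article shows an abbreviated line) and relies on the fact that an empty 7-character LM block always hashes to AAD3B435B51404EE; the sample lines and NT values are constructed.

```python
# Added example: audit a pwdump-style export for LM-hash exposure.
# Assumed line layout (not shown in full in the article): user:RID:LM:NT:::
import re

# LM half-hash produced by an empty 7-character block (well-known constant).
EMPTY_LM_HALF = "AAD3B435B51404EE"
HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")

# Constructed sample data; jdoe reuses the article's 16-character value as the
# first LM half, the other hex strings are made up for illustration.
SAMPLE = """\
jdoe:1152:A5C67174B2A219D1AAD3B435B51404EE:00112233445566778899AABBCCDDEEFF:::
asmith:1153:0123456789ABCDEFFEDCBA9876543210:112233445566778899AABBCCDDEEFF00:::
svc_backup:1154:AAD3B435B51404EEAAD3B435B51404EE:2233445566778899AABBCCDDEEFF0011:::
"""

def classify(line):
    """Return (user, finding) for one pwdump-style line, or None if malformed."""
    parts = line.strip().split(":")
    if len(parts) < 4:
        return None
    user, _rid, lm, _nt = parts[:4]
    if not HEX32.match(lm):
        return user, "no-lm-hash"        # placeholder text instead of a hash
    first, second = lm[:16].upper(), lm[16:].upper()
    if first == EMPTY_LM_HALF and second == EMPTY_LM_HALF:
        return user, "no-lm-hash"        # LM storage disabled or blank password
    if second == EMPTY_LM_HALF:
        return user, "lm-stored-short"   # password is 7 characters or fewer
    return user, "lm-stored"             # LM hash present, 8 to 14 characters

def audit(text):
    """Map each account in the dump to its LM-exposure finding."""
    findings = {}
    for line in text.splitlines():
        result = classify(line)
        if result:
            findings[result[0]] = result[1]
    return findings

if __name__ == "__main__":
    for user, finding in audit(SAMPLE).items():
        print(f"{user:12} {finding}")
```

Accounts reported as lm-stored or lm-stored-short are the ones to prioritize for a password change once LM hash storage has been disabled.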

Conclusion
-----------------------------
As I stated in the beginning of this article, there are many
ways to obtain account information and many more ways to
decipher it. In this case, we physically walked out of an
office building with everything we needed. Shortly after
cracking all the accounts we were able to use their remote
access system to gain entry into their internal network as
an administrator. There are also ways of capturing user
account information using man-in-the-middle attack
techniques, remote social engineering, and phishing just to
name a few.

The bottom line is, make your passwords complex, and change
them as often as you can.
